Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 231 · Smart Contract Bug

MobiusDAO Decimal Double-Multiplier

$2.15M drained from MobiusDAO on BNB Chain after a double 10^18 scaling let the attacker mint 9.73 quadrillion MBU from 0.01 BNB; laundered via Tornado Cash.

Date: May 11, 2025
Victim: MobiusDAO
Chain(s): BNB Chain
Status: No public recovery
Funds Stolen: ~$2.15M

On May 11, 2025, the BNB Chain DeFi and RWA-tokenization platform MobiusDAO was drained for approximately $2.15 million through a decimal double-application bug. The pricing function for WBNB collateral applied a 10^18 scaling factor twice, massively over-valuing each user's deposit. With just 0.01 BNB (~$3) as input, the attacker minted 9.73 quadrillion MBU tokens and swapped them for stablecoins.

What happened

MobiusDAO let users mint MBU tokens by depositing WBNB as collateral. The minting math used a price oracle that returned BNB's USD price scaled by 10^18 (the standard 18-decimal fixed-point representation in Solidity).

The fatal flaw: the contract code then multiplied the returned price by 10^18 a second time — apparently because the developer expected the oracle to return a raw number that needed scaling, not realising the oracle had already done the scaling. The result: every BNB deposit was valued at 10^18 times its actual worth in the protocol's accounting.

The attack:

  1. Deposited 0.01 BNB (worth approximately $3 at market price).
  2. The protocol's pricing logic computed the deposit's "collateral value" as approximately $3 × 10^18, i.e. about $3 quintillion.
  3. Minted ~9.73 quadrillion MBU tokens against the absurd collateral valuation.
  4. Swapped the freshly-minted MBU for stablecoins through DEX liquidity, extracting approximately $2.15M before the liquidity ran out.
  5. Routed the stablecoins through Tornado Cash for laundering.

Aftermath

  • MobiusDAO paused operations and contacted cybersecurity firms and law enforcement.
  • The team announced plans for a protocol relaunch with corrected pricing math.
  • No public recovery; the funds were laundered through Tornado Cash.
  • MBU token price collapsed essentially to zero as the unbacked supply hit the market.

Why it matters

The MobiusDAO incident is one of the cleanest cases for the "obvious in hindsight" decimal bug class — protocol math that multiplies by a scaling factor that's already been applied upstream. The same family of bugs has recurred at:

  • MobiusDAO (May 2025) — double 10^18 on price oracle.
  • WOOFi (Mar 2024) — partial decimal scaling missed in sPMM.
  • Vee Finance (Sep 2021) — decimals mismatch in slippage check.
  • Multiple smaller protocols across various chains.

The defensive answer is conceptually simple but operationally demanding:

  1. Every numerical input to a price calculation must have its scaling documented at the source and validated at the consumption point.
  2. Property-based tests (Foundry invariants, Echidna) should fuzz the input space looking for unbounded outputs given bounded inputs — exactly the symptom the MobiusDAO bug would have produced under any test that allowed BNB price queries.
  3. Code review for new tokenomics deployments should specifically include "draw the dimensional-analysis arrows" — what units does each variable carry, and do the operations between them produce consistent units?
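The following Python model is an added example (not MobiusDAO's Solidity nor any project's code) of the arithmetic described above: the correct 18-decimal valuation beside the double-scaled one, followed by a bounded-input/bounded-output property check of the kind point 2 recommends. The oracle price ($300/BNB) and the input bounds are constructed for illustration.

```python
import random

WAD = 10 ** 18  # 1.0 in 18-decimal fixed point (Solidity's usual convention)


def oracle_bnb_usd_wad() -> int:
    """Constructed oracle: BNB/USD already scaled by 1e18 (here $300.00)."""
    return 300 * WAD


def collateral_value_wad(deposit_wei: int, price_wad: int) -> int:
    """Correct: (BNB * 1e18) * (USD/BNB * 1e18) / 1e18 -> USD * 1e18."""
    return deposit_wei * price_wad // WAD


def collateral_value_wad_buggy(deposit_wei: int, price_wad: int) -> int:
    """Bug pattern from the write-up: the oracle value is treated as unscaled
    and multiplied by 1e18 again, so the result is 1e18 times too large."""
    scaled_price = price_wad * WAD  # redundant second scaling
    return deposit_wei * scaled_price // WAD


def usd_whole(value_wad: int) -> int:
    """Drop the 18 fractional digits to report whole USD."""
    return value_wad // WAD


MAX_DEPOSIT_WEI = 10 ** 6 * WAD  # constructed bound: 1,000,000 BNB
MAX_PRICE_WAD = 10 ** 6 * WAD    # constructed bound: $1,000,000 per BNB
MAX_VALUE_WAD = MAX_DEPOSIT_WEI * MAX_PRICE_WAD // WAD  # largest legitimate value


def bounded_output_holds(value_fn, trials: int = 1000, seed: int = 1) -> bool:
    """Invariant in the spirit of a Foundry/Echidna property test: for inputs
    inside the declared bounds, the valuation must never exceed the bound
    derived from those inputs. Returns False on the first violating sample."""
    rng = random.Random(seed)
    for _ in range(trials):
        deposit = rng.randint(1, MAX_DEPOSIT_WEI)
        price = rng.randint(1, MAX_PRICE_WAD)
        if value_fn(deposit, price) > MAX_VALUE_WAD:
            return False
    return True


if __name__ == "__main__":
    deposit, price = WAD // 100, oracle_bnb_usd_wad()  # 0.01 BNB, as in the incident
    print("correct USD:", usd_whole(collateral_value_wad(deposit, price)))        # 3
    print("buggy   USD:", usd_whole(collateral_value_wad_buggy(deposit, price)))  # 3 * 10**18
    print("invariant holds (correct):", bounded_output_holds(collateral_value_wad))
    print("invariant holds (buggy):", bounded_output_holds(collateral_value_wad_buggy))
```

The buggy valuation fails the property on the very first sample, which is the cheap signal a fuzzing harness would have raised before deployment.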

The combination of $3 attacker capital → $2.15M output (a roughly 700,000× leverage ratio) is one of the highest economic-leverage exploits on record. The asymmetry between the cost of the bug (a single misplaced multiplication) and the cost of the recovery (protocol-relaunch territory) is the recurring lesson at the small-protocol end of DeFi history.

Sources & on-chain evidence

  1. halborn.com: https://www.halborn.com/blog/post/explained-the-mobius-hack-may-2025
  2. cryptopotato.com: https://cryptopotato.com/mobius-exploited-for-2-1m-while-scammers-breach-ledgers-social-media/
  3. quadrigainitiative.com: https://www.quadrigainitiative.com/hackfraudscam/mobiusdaowbnbdepositpricemiscalculationdrain.php
